The original problem Bryan was seeing was that the dialog that prompts the user to allow (or not) UniversalXPConnect priveleges lists "" as the name of the site requesting the priveleges. That string comes nsPrincipal::GetCommonName, if the nsIPrincipal for the page has a certificate.
I just did more tracing back where that string comes from originally, and it looks like it's supposed to be set by nsNSSComponent::VerifySignature (to whatever GetOrganization returns).
GetOrganization returns a UTF8 string containing the value of the certificate's "Organization" subject name attribute, if any, and (IIRC) an empty string otherwise.
IIRC, the cert in question has no Organization attribute, ...
So, I'd conclude that object signer certs are supposed to have organization names in them. This is yet another reason why I oppose supporting people who are attempting to play CA. mozilla doesn't benefit from the effort.
I'm not sure whether that's happening, and I've filed bug 240628 on the issue and cced you (I hope that's ok).
-Boris
_______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
